US9985994B2 · Expired · Utility · PatentIndex 51
Enforcing compliance with a policy on a client
Est. expiry: Apr 21, 2026 (expired) · nominal 20-yr term from priority
Classifications: H04L 29/06, H04L 12/66, H04L 63/20, G06F 21/56, G06F 15/16, G06F 21/606, H04L 41/0893, H04L 63/0227, H04L 63/108, H04L 67/02, H04L 63/102, G06F 2212/502, H04L 63/205, H04L 41/0894
PatentIndex Score: 51 · Cited by: 0 · References: 98 · Claims: 17
Abstract
A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion.
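The gateway check described in the abstract, with the temporary-policy and hash-matching steps recited in claim 1, sketched as an added example that is not code from the patent. The field names, sample values, remediation URL, the 300-second policy lifetime and the choice to start a temporary policy after a passing check are all assumptions.

```python
import hashlib
import hmac
import time


def h(value: str) -> str:
    """Hashed representation of one status item (SHA-256 is an assumption)."""
    return hashlib.sha256(value.encode()).hexdigest()


# Desired hash values held by the gateway (constructed sample values).
DESIRED = {
    "av_signatures": h("av-signatures:2024-05-01"),
    "license:editor": h("editor:license-valid"),
}
TEMP_POLICY_TTL = 300  # seconds; assumed lifetime of a temporary policy
REMEDIATION_URL = "https://remediation.example/license"  # placeholder


class Gateway:
    def __init__(self, desired, ttl=TEMP_POLICY_TTL):
        self.desired = desired
        self.ttl = ttl
        self.temp_policy = {}  # client id -> time the temporary policy began

    def handle(self, client_id, status, now=None):
        """Return ("permit", None) or ("block", message) for one transmission."""
        now = time.time() if now is None else now
        started = self.temp_policy.get(client_id)
        # Step 1: an active temporary policy lets the transmission continue.
        if started is not None and now - started < self.ttl:
            return ("permit", None)
        self.temp_policy.pop(client_id, None)  # expired or absent
        # Step 2: match reported hashes against the desired hash values.
        failed = [
            key for key, want in self.desired.items()
            if not hmac.compare_digest(str(status.get(key, "")).encode(),
                                       want.encode())
        ]
        if not failed:
            # Assumption: a passing check starts a new temporary policy.
            self.temp_policy[client_id] = now
            return ("permit", None)
        # Step 3: block and tell the client where to remediate.
        return ("block", {"failed": failed, "remediation": REMEDIATION_URL})
```

Because the hashes are reported by the client itself, the check is only as trustworthy as the agent that computes them, and an active temporary policy skips the check entirely until it lapses.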
Claims
exact text as granted — not AI-modified
What is claimed is:
1. A computer-implemented method in a gateway node device for enforcement of client computer policy compliance on a communication network, the method comprising the steps of:
receiving, on the communication network, a data transmission from a client computer comprising status information, the status information associated with a configuration and operational status of the client computer and including hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer;
determining if a temporary policy for the client computer is active, the temporary policy generated for the data transmission;
responsive to a determination that the temporary policy for the client computer is active, permitting the data transmission to continue;
responsive to a determination that the temporary policy for the client computer is not active, determining whether the status information meets a criteria, the criteria determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with desired hash values; and
responsive to a determination that the status information does not meet the criteria:
preventing the data transmission from continuing; and
sending, on the communication network, a message to the client computer indicating an invalid license for the at least one program installed on the client computer and providing information to network resources for remediation of the invalid license.
2. The computer-implemented method of claim 1, wherein a process on the client computer intercepts a data transmission, and adds the status information to the data transmission, prior to being sent to the gateway node device.
3. The computer-implemented method of claim 2, wherein the status is added to header fields in at least one frame involved in the data transmission, prior to being sent to the gateway node device.
4. The computer-implemented method of claim 1, wherein a first time stamp indicates when a temporary policy was initiated.
5. The computer-implemented method of claim 1, wherein a second time stamp indicates when a last transmission was sent by the client computer.
6. The computer-implemented method of claim 1, wherein the network resources comprise
redirecting the client computer to a web page allowing remediation of the invalid license.
7. The computer-implemented method of claim 1, further comprising the steps of:
determining if the invalid license has been remedied;
in response to a determination that the invalid license has been remedied, allowing the data transmission to continue.
8. The computer-implemented method of claim 7, wherein the determination of whether the invalid license has been remedied is determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with the desired hash values.
9. A non-transitory computer-readable medium storing computer instructions that, when executed by a processor, perform a method in a gateway node device for enforcement of client computer policy compliance on a communication network, the method comprising the steps of:
receiving, on the communication network, a data transmission from a client computer comprising status information, the status information associated with a configuration and operational status of the client computer and including hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer;
determining if a temporary policy for the client computer is active;
responsive to a determination that the temporary policy for the client computer is active, permitting the data transmission to continue;
responsive to a determination that the temporary policy for the client computer is not active, determining whether the status information meets a criteria, the criteria determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with desired hash values; and
responsive to a determination that the status information does not meet the criteria:
preventing the data transmission from continuing; and
sending, on the communication network, a message to the client computer indicating an invalid license for the at least one program installed on the client computer and providing information to network resources for remediation of the invalid license.
10. The computer-readable medium of claim 9, wherein a process on the client computer intercepts a data transmission, and adds the status information to the data transmission, prior to being sent to the gateway node device.
11. The computer-readable medium of claim 10, wherein the status is added to header fields in at least one frame involved in the data transmission, prior to being sent to the gateway node device.
12. The computer-readable medium of claim 9, wherein a first time stamp indicates when a temporary policy was initiated.
13. The computer-readable medium of claim 9, wherein a second time stamp indicates when a last transmission was sent by the client computer.
14. The computer-readable medium of claim 9, wherein the network resources comprise
redirecting the client computer to a web page allowing remediation of the invalid license.
15. The computer-readable medium of claim 9, further comprising the steps of:
determining if the invalid license has been remedied;
in response to a determination that the invalid license has been remedied, allowing the data transmission to continue.
16. The computer-readable medium of claim 15, wherein the determination of whether the invalid license has been remedied is determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with the desired hash values.
17. A gateway node device for enforcement of client computer policy compliance on a communication network, the gateway node device comprising:
a processor; and
a memory, the memory storing:
a first module to receive, on the communication network, a data transmission from a client computer comprising status information, the status information associated with a configuration and operational status of the client computer and including hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer;
a second module to, determine if a temporary policy for the client computer is active;
a third module to, responsive to a determination that the temporary policy for the client computer is active, permit the data transmission to continue;
a fourth module to, responsive to a determination that the temporary policy for the client computer is not active, determine whether the status information meets a criteria, the criteria determined through a matching of the hashed representations of the client computer configuration and operational status data of a license for at least one program installed on the client computer with desired hash values; and
a fifth module to, responsive to a determination that the status information does not meet the criteria, prevent the data transmission to continue, and send, on the communication network, a message to the client computer indicating an invalid license for the at least one program installed on the client computer and providing information to network resources for remediation of the invalid license.
Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.